org.apache.shiro.web.servlet.ServletContextSupport

org.apache.shiro.web.servlet.AbstractFilter

org.apache.shiro.web.servlet.NameableFilter

org.apache.shiro.web.servlet.OncePerRequestFilter

org.apache.shiro.web.servlet.AdviceFilter

org.tynamo.security.shiro.AccessControlFilter

org.tynamo.security.shiro.authc.AuthenticationFilter

All Implemented Interfaces:: jakarta.servlet.Filter, org.apache.shiro.lang.util.Nameable

Direct Known Subclasses:: AuthenticatingFilter

public abstract class AuthenticationFilter extends AccessControlFilter

Base class for all Filters that require the current user to be authenticated. This class encapsulates the logic of checking whether a user is already authenticated in the system while subclasses are required to perform specific logic for unauthenticated requests.

Since:: 0.9

Field Summary

Fields inherited from class org.tynamo.security.shiro.AccessControlFilter
GET_METHOD, LOGIN_URL, pathMatcher, POST_METHOD, REDIRECT_TO_SAVED_URL, SUCCESS_URL, TAPESTRY_VERSION, UNAUTHORIZED_URL

Fields inherited from class org.apache.shiro.web.servlet.OncePerRequestFilter
ALREADY_FILTERED_SUFFIX

Fields inherited from class org.apache.shiro.web.servlet.AbstractFilter
filterConfig
Constructor Summary

Constructors

Constructor

Description

AuthenticationFilter(LoginContextService loginContextService)
Method Summary

Modifier and Type

Method

Description

protected boolean

isAccessAllowed(jakarta.servlet.ServletRequest request, jakarta.servlet.ServletResponse response, Object mappedValue)

Determines whether the current subject is authenticated.

protected void

issueSuccessRedirect(jakarta.servlet.ServletRequest request, jakarta.servlet.ServletResponse response)

Redirects to user to the previously attempted URL after a successful login.

Methods inherited from class org.tynamo.security.shiro.AccessControlFilter
addConfig, getLoginContextService, getLoginUrl, getSubject, getSuccessUrl, getUnauthorizedUrl, isLoginRequest, isRedirectToSavedUrl, onAccessDenied, onAccessDenied, onPreHandle, preHandle, redirectToLogin, saveRequest, saveRequestAndRedirectToLogin, setConfig, setLoginUrl, setRedirectToSavedUrl, setSuccessUrl, setUnauthorizedUrl

Methods inherited from class org.apache.shiro.web.servlet.AdviceFilter
afterCompletion, cleanup, doFilterInternal, executeChain, postHandle

Methods inherited from class org.apache.shiro.web.servlet.OncePerRequestFilter
doFilter, getAlreadyFilteredAttributeName, isEnabled, isEnabled, isFilterOncePerRequest, setEnabled, setFilterOncePerRequest, shouldNotFilter

Methods inherited from class org.apache.shiro.web.servlet.NameableFilter
getName, setName, toStringBuilder

Methods inherited from class org.apache.shiro.web.servlet.AbstractFilter
destroy, getFilterConfig, getInitParam, init, onFilterConfigSet, setFilterConfig

Methods inherited from class org.apache.shiro.web.servlet.ServletContextSupport
getContextAttribute, getContextInitParam, getServletContext, removeContextAttribute, setContextAttribute, setServletContext, toString

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Constructor Details
- AuthenticationFilter
  
  public AuthenticationFilter(LoginContextService loginContextService)
Method Details
- isAccessAllowed
  
  protected boolean isAccessAllowed(jakarta.servlet.ServletRequest request, jakarta.servlet.ServletResponse response, Object mappedValue)
  
  Determines whether the current subject is authenticated.
  The default implementation acquires the currently executing Subject and then returns subject.isAuthenticated();
  
  Specified by:
  
  isAccessAllowed in class AccessControlFilter
  
  Parameters:
  
  request - the incoming ServletRequest
  
  response - the outgoing ServletResponse
  
  mappedValue - the filter-specific config value mapped to this filter in the URL rules mappings.
  
  Returns:
  
  true if the subject is authenticated; false if the subject is unauthenticated
- issueSuccessRedirect
  
  protected void issueSuccessRedirect(jakarta.servlet.ServletRequest request, jakarta.servlet.ServletResponse response) throws Exception
  
  Redirects to user to the previously attempted URL after a successful login. This implementation simply calls WebUtils.WebUtils.redirectToSavedRequest(ServletRequest, ServletResponse, String) redirectToSavedRequest} using the successUrl as the fallbackUrl argument to that call.
  
  Parameters:
  
  request - the incoming request
  
  response - the outgoing response
  
  Throws:
  
  Exception - if there is a problem redirecting.

Class AuthenticationFilter

Field Summary

Fields inherited from class org.tynamo.security.shiro.AccessControlFilter

Fields inherited from class org.apache.shiro.web.servlet.OncePerRequestFilter

Fields inherited from class org.apache.shiro.web.servlet.AbstractFilter

Constructor Summary

Method Summary

Methods inherited from class org.tynamo.security.shiro.AccessControlFilter

Methods inherited from class org.apache.shiro.web.servlet.AdviceFilter

Methods inherited from class org.apache.shiro.web.servlet.OncePerRequestFilter

Methods inherited from class org.apache.shiro.web.servlet.NameableFilter

Methods inherited from class org.apache.shiro.web.servlet.AbstractFilter

Methods inherited from class org.apache.shiro.web.servlet.ServletContextSupport

Methods inherited from class java.lang.Object

Constructor Details

AuthenticationFilter

Method Details

isAccessAllowed

issueSuccessRedirect